5th March 2014, MALVERN, UK . Malvern-based cyber security company IASME Consortium Ltd, has signed an agreement to licence the IASME assessment process to information risk management specialists Ascentor Ltd. Ascentor become the first external assessors trained and licensed to assess against this essential new standard.
IASME has recently been recognised as the best cyber security standard for small companies by the UK Government in consultation with trade associations and industry groups.
The new risk-based standard for SMEs
IASME is the information and cyber security standard for SMEs. Based on international best practice it provides the only credible security management standard for small organisations including businesses, charities and smaller government departments.
Funded by the Government’s Technology Strategy Board, the IASME standard was developed to create a cost effective and more appropriate alternative to the international standard, ISO/IEC 27001, for small companies. The standard combines research in small company security with best practice such as ISO/IEC 27001, NIST 800-50, and the SANS/CPNI Critical Controls.
IASME is designed to fit with a small company budget and was developed and trialled over several years in collaboration with numerous firms across different markets.
IASME is one of just three non-governmental organisations to sit on the drafting panel for the new Government Basic Cyber Hygiene Profile.
IASME and the Government supply chain
Small companies in the Government supply chain pose a known threat to information security. With a growing awareness of the cyber threat, supply chain companies are increasingly asking their small suppliers to show that they have at least a basic level of cyber security within their company. Getting assessed and accredited to the new IASME standard is the easiest, most cost effective way for smaller companies to do this.
IASME allows SMEs in a supply chain to demonstrate their level of information and cyber security maturity, proving they are able to properly protect their own information and that of their customers and partners.
The standard is risk-based and supported by accredited assessors from Ascentor who will visit a company and produce a risk assessment, gap analysis and implementation plan before returning at a later date to complete the formal assessment, which will lead to certification.